2012/9/13 Nicholas Nethercote <n.netherc...@gmail.com>: > On Thu, Sep 13, 2012 at 4:27 PM, Jonas Sicking <jo...@sicking.cc> wrote: >> >> * Some content providers strike deals with hardware manufacturers >> which allow devices made by the manufacturer to access content for >> free. One way that this is implemented is by looking for tokens in UA >> strings and serve content based on this. > > I think this is the worst abuse of a UA string I've ever heard of.
This. Also, there is a precedent in the WebGL strings that may be worth recalling here. OpenGL exposes some strings, giving the GPU model, vendor name, and precise driver version. Application developers repeatedly said they wanted us to expose these through WebGL. At some point, the WebGL spec called for these strings to be exposed. We argued against this for the following reasons: 1. any UA-string-like solution is known to give more trouble than it solves in practice, with applications mis-parsing them or becoming overly reliant on accidental details of these strings, creating artificial portability issues. 2. there are privacy issues with this too, both explicit (what you point out above) and implicit (increasing the number of uniquely-identifying bits is never great, needs to be justified). In the end we won this "battle" and the WebGL spec no longer calls for exposing this info. That doesn't mean that the application developers' problem wasn't legitimate, but there should exist better solutions to it: solutions that don't rely on the fragile parsing of a string and that don't expose more personal information than is strictly needed. Again, that was a digression on the WebGL precedent --- hope that was not too off-topic. Cheers, Benoit > > Nick > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform